[Snort-users] 13 instances of ping bsd

Mark Rowlands mark.rowlands at ...752...
Tue Nov 28 06:32:39 EST 2000


> On Tue, 28 Nov 2000, Mark Rowlands wrote:
> > [**] IDS152 - PING BSD [**]
> > 11/27-22:49:21.777738 0:80:C8:56:FB:5 -> 0:10:4B:B6:F1:7B type:0x800
> > len:0x62 203.197.173.129 -> 62.5.7.17 ICMP TTL:56 TOS:0x0 ID:55074
> > ID:23472   Seq:51862  ECHO
> > 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17  ................
> > 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27  ........ !"#$%&'
> > 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37  ()*+,-./01234567
> > 38 39 3A 3B 3C 3D 3E 3F                          89:;<=>?
> >
> > =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> >
> > hi folks, got 13 of these within millisecs of each other all different
> > IPs but apparently same mac address...... none of the addresses have
> > shown up before or since. any thoughts?

On Tuesday 28 November 2000 07:43, Todd Backman wrote:
> I am curious if the 13 diff IP's were from unassigned IP space of major
> bandwidth providers?
>
> - Todd
>

63.140.2.3		3.winstar.net			VIENNA  	WINSTAR
208.185.54.14		208.185.54.14.speedera.com 	San Jose 	Abovenet Communications
200.194.68.4						Brazil		RNP
202.130.158.130						Hong Kong	UUNET Hong Kong Limited 
202.54.111.72						India		VSNL - ISP 
203.166.49.226		speedera?			Australia	UUNET-AU Customer Assignment 
203.197.173.129						India		Videsh Sanchar Nigam Ltd - India.
206.63.151.4 						Seattle	 	Reed McClure
216.219.241.162						Ft. Lauderdale 	CyberGate
204.176.88.5 						Santa Clara 	Speed Era Networks
209.155.224.130 					Larkspur 	CRL Network Services
207.235.98.194		hop before is speedera				Houston	 	4GL Corporation
64.67.26.194		host.domain.com 		Sterling	 	Network Access Solutions - 
Atlantic Telecom

not sure exactly what you been by unassigned : an eclectic little collection 
non?.......speedera pop up 4 times. packets were received within a 1.6 
seconds time interval...the mac address (doh) is the isp's local switch,ttls 
are all between 39-56



More information about the Snort-users mailing list